CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1126 vulnerabilities reference this CWE, most recent first.
GHSA-CHQ4-235Q-JP7W
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2026-06-09 12:32An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
{
"affected": [],
"aliases": [
"CVE-2025-59719"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T18:15:55Z",
"severity": "CRITICAL"
},
"details": "An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.",
"id": "GHSA-chq4-235q-jp7w",
"modified": "2026-06-09T12:32:00Z",
"published": "2025-12-09T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59719"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-647"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CHW7-Q7HH-9VC2
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-07-11 00:00Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.
{
"affected": [],
"aliases": [
"CVE-2020-23533"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-06T16:15:00Z",
"severity": "HIGH"
},
"details": "Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants\u0027 websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.",
"id": "GHSA-chw7-q7hh-9vc2",
"modified": "2022-07-11T00:00:18Z",
"published": "2022-05-24T17:46:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23533"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/347.html"
},
{
"type": "WEB",
"url": "https://www.dropbox.com/s/6smwnbrp0kgsgrc/poc_code.py?dl=0"
},
{
"type": "WEB",
"url": "https://www.dropbox.com/s/czbkdr73tclq2nr/UnionPay_Vulnerability_Report.txt?dl=0"
},
{
"type": "WEB",
"url": "http://mobitec.ie.cuhk.edu.hk/cve_2020"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CJ56-5C53-9QJF
Vulnerability from github – Published: 2026-06-25 18:30 – Updated: 2026-06-26 18:33wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no signer signature has actually been verified, so a PKCS#7 carrying no valid signature is no longer reported as verified. This is enforced regardless of the PKCS7_NOVERIFY flag, which only suppresses signer certificate chain validation and was never intended to waive the requirement that a signature exist. Only affects OpenSSL compatibility builds that call the PKCS7_verify() compatibility API on potentially degenerate PKCS#7 bundles.
{
"affected": [],
"aliases": [
"CVE-2026-55961"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T18:16:41Z",
"severity": "HIGH"
},
"details": "wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no signer signature has actually been verified, so a PKCS#7 carrying no valid signature is no longer reported as verified. This is enforced regardless of the PKCS7_NOVERIFY flag, which only suppresses signer certificate chain validation and was never intended to waive the requirement that a signature exist. Only affects OpenSSL compatibility builds that call the PKCS7_verify() compatibility API on potentially degenerate PKCS#7 bundles.",
"id": "GHSA-cj56-5c53-9qjf",
"modified": "2026-06-26T18:33:49Z",
"published": "2026-06-25T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55961"
},
{
"type": "WEB",
"url": "https://github.com/wolfSSL/wolfssl/pull/10702"
},
{
"type": "WEB",
"url": "https://www.wolfssl.com/docs/security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CM49-FH74-75CH
Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2022-11-23 15:30Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
{
"affected": [],
"aliases": [
"CVE-2021-26391"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-09T21:15:00Z",
"severity": "HIGH"
},
"details": "Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.",
"id": "GHSA-cm49-fh74-75ch",
"modified": "2022-11-23T15:30:22Z",
"published": "2022-11-10T12:01:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26391"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CMJG-6Q27-6FR4
Vulnerability from github – Published: 2026-07-07 12:31 – Updated: 2026-07-07 12:31Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data.
This issue affects Liman MYS: before release.Master.1107.
{
"affected": [],
"aliases": [
"CVE-2026-11348"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-07T12:16:28Z",
"severity": "HIGH"
},
"details": "Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data.\n\nThis issue affects Liman MYS: before release.Master.1107.",
"id": "GHSA-cmjg-6q27-6fr4",
"modified": "2026-07-07T12:31:36Z",
"published": "2026-07-07T12:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11348"
},
{
"type": "WEB",
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CP57-FQ8G-QH6V
Vulnerability from github – Published: 2026-03-26 18:00 – Updated: 2026-03-26 18:00The ML-DSA verification algorithm as specified in FIPS 204, subsection 6.3 requires verifiers to check that the infinity norm of the deserialized signer response $z$ does not exceed $\gamma_1 - \beta$ (line 13 of Algorithm 8). The same check is required to be performed during signature generation.
libcrux-ml-dsa did not perform this check correctly during signature verification, accepting signatures with signer response norm above the allowed maximum value. The check is correctly performed during signing.
Impact
Applications using libcrux-ml-dsa for signature verification would have accepted signatures that would be rejected by a conforming implementation.
Mitigation
Starting from version 0.0.8, signature verification uses the correct value for $\gamma_1$ in the signer response norm check.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "libcrux-ml-dsa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-26T18:00:28Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The ML-DSA verification algorithm as specified in [FIPS 204, subsection 6.3](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf#subsection.6.3) requires verifiers to check that the infinity norm of the deserialized signer response $z$ does not exceed $\\gamma_1 - \\beta$ (line 13 of Algorithm 8). The same check is required to be performed during signature generation.\n\nlibcrux-ml-dsa did not perform this check correctly during signature verification, accepting signatures with signer response norm above the allowed maximum value. The check is correctly performed during signing.\n\n## Impact\nApplications using libcrux-ml-dsa for signature verification would have accepted signatures that would be rejected by a conforming implementation.\n\n## Mitigation\nStarting from version `0.0.8`, signature verification uses the correct value for $\\gamma_1$ in the signer response norm check.",
"id": "GHSA-cp57-fq8g-qh6v",
"modified": "2026-03-26T18:00:28Z",
"published": "2026-03-26T18:00:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cryspen/libcrux/pull/1347"
},
{
"type": "PACKAGE",
"url": "https://github.com/cryspen/libcrux"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0077.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "libcrux has an Incorrect Check of Signer Response Norm During Verification"
}
GHSA-CPPW-2MF8-QPM5
Vulnerability from github – Published: 2022-05-24 22:01 – Updated: 2024-09-24 15:48Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "matrix-synapse"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-18835"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-19T19:32:08Z",
"nvd_published_at": "2019-11-08T00:15:00Z",
"severity": "HIGH"
},
"details": "Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over `/send_join`, `/send_leave`, and `/invite` may not be correctly signed, or may not come from the expected servers.",
"id": "GHSA-cppw-2mf8-qpm5",
"modified": "2024-09-24T15:48:55Z",
"published": "2022-05-24T22:01:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18835"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/pull/6262"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/commit/172f264ed38e8bef857552f93114b4ee113a880b"
},
{
"type": "PACKAGE",
"url": "https://github.com/matrix-org/synapse"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/releases/tag/v1.5.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2019-186.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Improper Verification of Cryptographic Signature in matrix-synapse"
}
GHSA-CQGF-G3QQ-HHXW
Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2025-02-13 18:32Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2023-20568"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-14T19:15:15Z",
"severity": "MODERATE"
},
"details": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.",
"id": "GHSA-cqgf-g3qq-hhxw",
"modified": "2025-02-13T18:32:03Z",
"published": "2023-11-14T21:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20568"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CQVM-J2R2-HWPG
Vulnerability from github – Published: 2023-03-17 14:42 – Updated: 2023-03-17 14:42Summary
Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality.
Details
Russh does not validate Diffie-Hellman keys.
It accepts received DH public keys $e$ where $e<0$, $e=1$, or $e \geq p-1$ from a misbehaving peer annd successfully performs key exchange.
This is a violation of RFC 4253, section 8 and RFC 8268, section 4, which state that:
DH Public Key values MUST be checked and both conditions:
- $1 < e < p-1$
- $1 < f < p-1$
MUST be true. Values not within these bounds MUST NOT be sent or accepted by either side. If either one of these conditions is violated, then the key exchange fails.
For example, a DH client public key $e=1$ would mean that the shared secret that the server calculates is always $K = e^y \mod{p} = 1^y \mod{p} = 1$. In other cases, an insecure order-2 subgroup may be used.
Also, the code does not look like it ensures that the generated secret key $y$ is in the valid interval $0 < y < q$ (or, if russh is the client, that the secret key $x$ satisfies $1 < x < q$):
https://github.com/warp-tech/russh/blob/master/russh/src/kex/dh/groups.rs#L72-L76
For example, rng.gen_biguint() might return a number consisting of zeroes, so that $y = 0$.
The public key is not validated either: https://github.com/warp-tech/russh/blob/master/russh/src/kex/dh/groups.rs#L78-L81
Impact
Due to the issues in the DH key generation, I think any connection that uses Diffie-Hellman key exchange is affected. Connections between a russh client and server or those of a russh peer with some other misbehaving peer are most likely to be problematic. These may vulnerable to eavesdropping.
Most other implementations reject such keys, so this is mainly an interoperability issue in such a case.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "russh"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.36.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "russh"
},
"ranges": [
{
"events": [
{
"introduced": "0.37.0"
},
{
"fixed": "0.37.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-28113"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-17T14:42:45Z",
"nvd_published_at": "2023-03-16T21:15:00Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nDiffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality.\n\n### Details\n\nRussh does not validate Diffie-Hellman keys.\n\nIt accepts received DH public keys $e$ where $e\u003c0$, $e=1$, or $e \\geq p-1$ from a misbehaving peer annd successfully performs key exchange.\n\nThis is a violation of [RFC 4253, section 8](https://www.rfc-editor.org/rfc/rfc4253#section-8) and [RFC 8268, section 4](https://www.rfc-editor.org/rfc/rfc8268#section-4), which state that:\n\n\u003eDH Public Key values MUST be checked and both conditions:\n\u003e\n\u003e - $1 \u003c e \u003c p-1$\n\u003e - $1 \u003c f \u003c p-1$\n\u003e\n\u003e MUST be true. Values not within these bounds MUST NOT be sent or\n\u003e accepted by either side. If either one of these conditions is\n\u003e violated, then the key exchange fails.\n\nFor example, a DH client public key $e=1$ would mean that the shared secret that the server calculates is always $K = e^y \\mod{p} = 1^y \\mod{p} = 1$.\nIn other cases, an insecure order-2 subgroup may be used.\n\nAlso, the code does not look like it ensures that the generated secret key $y$ is in the valid interval $0 \u003c y \u003c q$ (or, if russh is the client, that the secret key $x$ satisfies $1 \u003c x \u003c q$):\nhttps://github.com/warp-tech/russh/blob/master/russh/src/kex/dh/groups.rs#L72-L76\nFor example, `rng.gen_biguint()` might return a number consisting of zeroes, so that $y = 0$.\n\nThe public key is not validated either:\nhttps://github.com/warp-tech/russh/blob/master/russh/src/kex/dh/groups.rs#L78-L81\n\n### Impact\n\nDue to the issues in the DH key generation, I think any connection that uses Diffie-Hellman key exchange is affected.\nConnections between a russh client and server or those of a russh peer with some other misbehaving peer are most likely to be problematic. These may vulnerable to eavesdropping.\n\nMost other implementations reject such keys, so this is mainly an interoperability issue in such a case.\n",
"id": "GHSA-cqvm-j2r2-hwpg",
"modified": "2023-03-17T14:42:45Z",
"published": "2023-03-17T14:42:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/warp-tech/russh/security/advisories/GHSA-cqvm-j2r2-hwpg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28113"
},
{
"type": "WEB",
"url": "https://github.com/warp-tech/russh/commit/45d2d82930bf4a675bd57abfafec8fe4065befcd"
},
{
"type": "WEB",
"url": "https://github.com/warp-tech/russh/commit/d831a3716d3719dc76f091fcea9d94bd4ef97c6e"
},
{
"type": "PACKAGE",
"url": "https://github.com/warp-tech/russh"
},
{
"type": "WEB",
"url": "https://github.com/warp-tech/russh/blob/master/russh/src/kex/dh/groups.rs#L72-L76"
},
{
"type": "WEB",
"url": "https://github.com/warp-tech/russh/blob/master/russh/src/kex/dh/groups.rs#L78-L81"
},
{
"type": "WEB",
"url": "https://github.com/warp-tech/russh/releases/tag/v0.36.2"
},
{
"type": "WEB",
"url": "https://github.com/warp-tech/russh/releases/tag/v0.37.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "russh may use insecure Diffie-Hellman keys"
}
GHSA-CQVV-R3G3-26RF
Vulnerability from github – Published: 2023-10-23 03:30 – Updated: 2023-10-31 22:07pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/free5gc/udm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-46324"
],
"database_specific": {
"cwe_ids": [
"CWE-327",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-24T02:00:10Z",
"nvd_published_at": "2023-10-23T01:15:07Z",
"severity": "HIGH"
},
"details": "pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker\u0027s public key.",
"id": "GHSA-cqvv-r3g3-26rf",
"modified": "2023-10-31T22:07:50Z",
"published": "2023-10-23T03:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46324"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/udm/pull/20"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/udm/commit/5e1479cc686f058992557669b13fd3761a1b6024"
},
{
"type": "PACKAGE",
"url": "https://github.com/free5gc/udm"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/udm/compare/v1.1.1...v1.2.0"
},
{
"type": "WEB",
"url": "https://www.gsma.com/security/wp-content/uploads/2023/10/0073-invalid_curve.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "free5GC udm vulnerable to Invalid Curve Attack"
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.